JP2022101952A - Device management system, management apparatus, communication device, device management method, and program - Google Patents

Abstract

To provide a device management system configured to implement off-line authentication with a simpler configuration, a management apparatus, a communication device, a device management method, and a program.SOLUTION: A device management system includes one or more managed devices which authenticate log-in requests for the devices, and a management apparatus which can communicate with the managed devices. The management apparatus includes an authentication information providing unit which generates and provides an authentication information group including multiple pieces of authentication information necessary for authenticating the log-in requests, for each of the managed devices. The managed device includes an authentication unit which shifts the device into a state in accordance with the log-in request on the basis of the authentication information group provided from the management apparatus.SELECTED DRAWING: Figure 1

Description

The present invention relates to a device management system, a management device, a communication device, a device management method, and a program.

Conventionally, there is a technique of executing an authentication process of a user who tries to log in to a client terminal on an online server device. In such an authentication method, it is premised that the client terminal is connected to the server device so that it can communicate with the server device. Therefore, if the client terminal cannot communicate with the server device for some reason, the user recovers the communication state. You cannot log in to the client terminal until you do. For the purpose of solving such a problem, for example, when a server device receives an authentication request from a client terminal, a method has been proposed in which an offline token that is valid for a certain period of time is generated and transmitted to the client terminal (. For example, see Patent Document 1).

International Publication No. 2017/199577

However, in the conventional method, the client terminal needs an authentication request to the server device in order to acquire the offline token. Further, in the conventional method, since the offline authentication method and the online authentication method are different, the processing may be complicated and the management may be complicated.

The present invention has been made in consideration of such circumstances, and provides a device management system, a management device, a communication device, a device management method, and a program capable of realizing offline authentication with a simpler configuration. One of the purposes is to provide.

The device management system, management device, communication device, device management method, and program according to the present invention have the following configurations.
(1): The device management system according to one aspect of the present invention is a device management system including one or more managed devices for authenticating a login request to the own device and a management device capable of communicating with the managed device. The management device includes an authentication information providing unit that generates and provides an authentication information group including a plurality of authentication information necessary for authentication of the login request for each management target device, and the management target device is the management target device. It is a device management system including an authentication unit that transitions its own device to a state corresponding to the login request based on the authentication information group provided by the management device.

(2): In the embodiment of (1) above, the management device is acquired by a device information acquisition unit that acquires device information that enables identification of the managed device from a device other than the managed device. When the device information is included in the device information group registered in advance, one or more authentication information is selected from the authentication information group generated for the managed device identified by the device information. It further includes an authentication information issuing unit for issuing to the other device.

(3): In the embodiment of (2) above, the device information acquisition unit acquires the device information by image recognition processing for an image showing the device information or an image showing information encoded from the device information. be.

(4): In any one of the above (1) to (3), the authentication information providing unit updates the authentication information group at a predetermined timing, and the updated authentication information group is the management target. The managed device provides an authentication information management unit that updates the current authentication information group with the updated authentication information group when the updated authentication information group is provided from the management device. Further preparation.

(5): In any one of the above (1) to (4), the authentication information providing unit converts the generated authentication information group using a predetermined conversion function into a converted authentication information group. It is provided to each managed device.

(6): In any one of the above (1) to (5), the authentication unit receives the input information input to the own device in response to the login request to the authentication information supplied from the management device. The login request is authenticated when the authentication information of any of the groups is matched.

(7): In the embodiment of (6) above, when the authentication unit succeeds in authenticating the login request, the authentication unit deletes the authentication information matching the input information from the authentication information group supplied from the management device. Is.

(8): The management device according to one aspect of the present invention generates an authentication information group including a plurality of authentication information necessary for authentication of a login request for one or more managed devices for each managed device, and each managed device. Based on the authentication information providing unit provided to the device, the storage unit that stores the authentication information group for each managed device, and the authentication information group generated for the managed device in response to the request of the managed device. The authentication unit that transitions the managed device to the state corresponding to the login request, and the authentication information necessary for the own device or the managed device to transition the managed device to the state corresponding to the login request. It is a management device including an authentication information issuing unit that issues based on the authentication information group generated for the managed device.

(9): The communication device according to one aspect of the present invention is a communication device capable of communicating with the management device, which is an authentication information group provided by the management device, and is necessary for authentication of a login request to the own device. Based on the storage unit that stores a plurality of authentication information groups including a plurality of authentication information in advance, and the authentication information group stored in the storage unit when the login request is received in a situation where communication with the management device is not possible. It is a communication device including an authentication unit that transitions the device to a state corresponding to the login request.

(10): The device management method according to one aspect of the present invention is in a device management system including one or more managed devices for authenticating a login request to the own device and a management device capable of communicating with the managed device. The management device generates an authentication information group including a plurality of authentication information necessary for authenticating the login request to the managed device for each managed device and provides the managed device to the managed device. This is a device management method for transitioning an own device to a state corresponding to the login request based on the authentication information group provided by the management device.

(11): The program according to one aspect of the present invention generates an authentication information group including a plurality of authentication information necessary for authentication of a login request for one or more managed devices on a computer for each managed device. The management target device is provided, the authentication information group for each management target device is stored in the storage unit, and the management target is based on the authentication information group generated for the management target device in response to the request of the management target device. Based on the authentication information group generated for the managed device, the device is transitioned to the state corresponding to the login request, and the own device or the managed device generates the authentication information necessary for authenticating the login request for the managed device. It is a program to be issued.

(12): The program according to one aspect of the present invention is an authentication information group provided in advance from the management device to a computer capable of communicating with the management device, and is authentication information necessary for authenticating a login request to the own device. When the login request is received in a situation where communication with the management device is not possible, the own device is logged in based on the authentication information group stored in the storage unit. It is a program that transitions to the state according to the request.

According to (1) to (12), the managed device includes a group of authentication information including a plurality of authentication information necessary for authentication of a login request to the managed device by the management device capable of communicating with one or more managed devices. It is generated for each and provided to each managed device, and the managed device transitions its own device to a state corresponding to the login request based on the authentication information group provided from the management device, so that it is offline. Time authentication can be realized with a simpler configuration.

It is a system configuration diagram which shows the configuration example of the device management system of an embodiment. It is a figure which shows an example of the password information in an embodiment. It is a schematic diagram explaining the method of authenticating the user's login request to the battery exchange in the device management system of embodiment. It is a schematic diagram explaining the method of authenticating the user's login request to the battery exchange in the device management system of embodiment. It is a sequence diagram which shows an example of the flow of the process of authenticating the user's login request to the battery exchange in the device management system of embodiment. It is a sequence diagram which shows an example of the flow of the process of authenticating the user's login request to the battery exchange in the device management system of embodiment. It is a flowchart which shows an example of the online authentication processing in an embodiment. It is a flowchart which shows an example of the offline authentication processing in an embodiment. It is a flowchart which shows an example of the offline authentication processing by the 1st modification.

Hereinafter, embodiments of the device management system, management device, communication device, device management method, and program of the present invention will be described with reference to the drawings.

FIG. 1 is a system configuration diagram showing a configuration example of the device management system 100 of the present embodiment. The device management system 100 is a system that manages the battery switch 600. The device management system 100 has a function of authenticating a user login request for the battery switch 600 in the management of the battery switch 600. Here, the authentication of the login request to the battery switch 600 means that the battery switch 600 is changed to the state corresponding to the login request. For example, the authentication of the login request is to allow the user to log in to the battery switch 600, and to transition to a state in which the user can perform necessary operations on the battery switch 600. The device management system 100 includes a FW terminal 300, a management server 500, and a battery switch 600. The management server 500 is an example of the management device in the present invention. Further, the battery switch 600 is an example of the communication device in the present invention, and is an example of the managed device.

In the FW terminal 300, a field worker (FW: Field Worker, hereinafter also referred to as “user”) starts using the battery switch 600 at the installation site of the battery switch 600 (hereinafter, may be simply referred to as “site”). It is a terminal device used to acquire the information necessary for the operation. Specifically, the FW terminal 300 is used to acquire information necessary for logging in to the battery switch 600 from the management server 500. Here, the information required for logging in to the battery switch 600 is, for example, a one-time password (hereinafter, may be abbreviated as "OTPW" (One-Time Password)). The battery changer 600 is a device that collects a used battery and replaces it with a charged battery. When the used battery is supplied, the battery switch 600 provides the charged battery instead of collecting the supplied used battery, and also charges the collected used battery. The fully charged battery will be used as a replacement battery during subsequent battery recovery.

The management server 500 is communicably connected to the FW terminal 300 via the network NW1. For example, the network NW1 is a WAN (Wide Area Network) including a public network such as a cellular network and the Internet. The management server 500 may be connected to the network NW1 by wired communication, or may be connected to the network NW1 by wireless communication. On the other hand, the management server 500 is communicably connected to the battery switch 600 via the network NW2. The network NW2 is a network for the management server 500 to communicate with the battery switch 600 regarding device management. Therefore, the network NW2 may be configured as a network with higher security than the network NW1. For example, the network NW2 may be configured as a WAN using a closed network such as wide area Ethernet (registered trademark) or a dedicated line. The management server 500 may be connected to the NW2 by wire communication or may be connected to the network NW2 by wireless communication.

The management server 500 is a server having a management function of the battery switch 600. For example, the management server 500 has a function of issuing a one-time password required for logging in to the battery switch 600, a function of authenticating a login request to the battery switch 600 (hereinafter referred to as "online authentication function"), and offline authentication. It has a function of providing the necessary password information to the battery switch 600 in advance. Here, the offline authentication is an authentication method in which the battery exchange 600 itself authenticates the login request to the battery exchange 600. The password information is information in which a one-time password required for authentication is described, and is information shared in advance between the management server 500 and the battery switch 600. On the other hand, online authentication is an authentication method in which the management server 500 authenticates the login request to the battery switch 600. The management server 500 issues a one-time password based on the password information previously shared with the battery switch 600 in this way. The one-time password is an example of the authentication information in the present invention, and the password information is an example of the authentication information group in the present invention.

The battery switch 600 is communicably connected to the management server 500 via the network NW2. The battery switch 600 may be connected to the NW2 by wire communication or may be connected to the network NW2 by wireless communication. The battery switch 600 has a function of authenticating a login request to itself. Specifically, the battery switch 600 requests the management server 500 to authenticate by online authentication when it can communicate with the management server 500, and it authenticates by offline authentication when it cannot communicate with the management server 500. Try. The battery switch 600 allows login to itself if the authentication is successful. The battery exchange 600 may be configured to have only an offline authentication function without an online authentication function and always authenticate a login request by offline authentication.

As described above, the device management system 100 of the embodiment includes a management server 500 capable of authenticating a login request to the battery switch 600 by online authentication, and a battery switch 600 capable of authenticating the login request by offline authentication, and is a management server. The 500 is provided with a configuration in which the password information required for offline authentication is provided to the battery switch 600. Hereinafter, the configuration of each device included in the device management system 100 will be described in detail. First, the configuration of the FW terminal 300 will be described.

The FW terminal 300 includes an image pickup unit 301, a wireless communication unit 310, an input unit 320, a display unit 330, a storage unit 340, and a control unit 350. Among these components, the control unit 350 is realized by, for example, a hardware processor such as a CPU (Central Processing Unit) executing a program (software). Some or all of these components are hardware (circuit parts) such as LSI (Large Scale Integration), ASIC (Application Specific Integrated Circuit), FPGA (Field-Programmable Gate Array), GPU (Graphics Processing Unit). It may be realized by (including circuits), or it may be realized by the cooperation of software and hardware. The program may be stored in advance in a storage device (a storage device including a non-transient storage medium) such as an HDD (Hard Disk Drive) or a flash memory, or a removable storage such as a DVD or a CD-ROM. It is stored in a medium (non-transient storage medium) and may be installed by mounting the storage medium in a drive device.

The image pickup unit 301 is configured by using an image pickup device such as a camera. The image pickup unit 301 captures a subject in a range determined according to the position and orientation of the FW terminal 300, and generates image data in which the subject in the range is captured. The image pickup unit 301 outputs the generated image data to the control unit 350.

The wireless communication unit 310 is a wireless communication interface that wirelessly connects the FW terminal 300 to the network NW1. For example, the wireless communication unit 310 is configured by using a wireless LAN interface that can be connected to the network NW1. The wireless communication unit 310 is communicably connected to the management server 500 via the network NW1.

The input unit 320 is configured by using an input device such as a button, a switch, a keyboard, a mouse, and a touch panel. The input unit 320 receives an operation input to the FW terminal 300. The input unit 320 outputs input information indicating the contents of the received operation input to the control unit 350.

The display unit 330 is configured by using a display device such as a liquid crystal display, an organic EL display, or a touch panel. The display unit 330 can display arbitrary information based on the instruction of the control unit 350.

The storage unit 340 is configured by using a storage device such as an HDD or a flash memory. The storage unit 340 stores data of a program executed by the FW terminal 300, communication data transmitted / received to / from another device, and various information related to the operation of the FW terminal 300.

The control unit 350 has a function of controlling the operation of the FW terminal 300 by inputting / outputting information to / from the image pickup unit 301, the wireless communication unit 310, the input unit 320, the display unit 330, and the storage unit 340. Here, the control function of the control unit 350 includes a function of acquiring each device information from the appearance of each battery switch 600 and a function of acquiring a one-time password from the management server 500. The control unit 350 includes a device information acquisition unit 351 and an OTPW acquisition unit 352 as configurations for realizing these functions.

The device information acquisition unit 351 has a function of reading the device information of the battery switch 600 from the image data acquired by the image pickup unit 301 by executing the image recognition process. Here, the device information is information that makes it possible to identify each battery switch 600. For example, the device information may include individual identification information for identifying each individual of the battery switch 600, or may include a plurality of types of information that make each individual identifiable by a combination. For example, in the present embodiment, it is assumed that device information (hereinafter referred to as “encoded information”) encoded by a bar code, a two-dimensional code, or the like is displayed on the surface of the housing of the battery exchanger 600. In this case, the position and orientation of the FW terminal 300 are adjusted by the user so that the coded information is captured by the imaging unit 301. The device information acquisition unit 351 recognizes the coded information by performing image recognition processing on the image data acquired by the image pickup unit 301, and decodes the recognized coded information to acquire the device information. The device information acquisition unit 351 outputs the device information acquired in this way to the OTPW acquisition unit 352. The device information itself may be displayed on the surface of the housing of the battery exchange 600 instead of the coded information. Further, in this case, the image recognition process may be a process of directly recognizing device information from the image data.

The OTPW acquisition unit 352 has a function of acquiring a one-time password required for logging in to the battery switch 600 from the management server 500. Specifically, the OTPW acquisition unit 352 sends the device information read about the login target battery switch 600 to the management server 500 to issue a one-time password required for logging in to the battery switch 600 as a management server. Request 500 and get a one-time password in response to the request. When the OTPW acquisition unit 352 can acquire the one-time password from the management server 500, the OTPW acquisition unit 352 displays the acquired one-time password on the display unit 330.

For example, the device information acquisition unit 351 and the OTPW acquisition unit 352 are realized by a user application (hereinafter referred to as "OTPW application") operating on the FW terminal 300. For example, the OTPW application is started by a user's operation, and the operation screen has a live view of the camera by the image pickup unit 301 and a display area of a one-time password issued by the management server 500 (hereinafter referred to as "password display unit"). .) And are placed. In this case, the device information acquisition unit 351 performs image recognition processing on the image displayed in the live view, and when the device information is detected from the image, the detected device information is transmitted to the OTPW acquisition unit 352. Output. When the device information is input from the device information acquisition unit 351, the OTPW acquisition unit 352 sends the input device information to the management server 500 and manages the issuance of a one-time password for logging in to the battery switch 600 related to the device information. Request to server 500. When the one-time password is normally issued, the device information acquisition unit 351 displays the issued one-time password on the password display unit of the operation screen. This allows the user to visually confirm the one-time password issued by the password display unit.

Subsequently, the configuration of the management server 500 will be described. The management server 500 includes a first communication unit 511, a second communication unit 512, a storage unit 540, and a control unit 550. Among these components, the control unit 550 is realized by, for example, a hardware processor such as a CPU executing a program (software). Some or all of these components may be realized by hardware such as LSI, ASIC, FPGA, GPU (circuit part; including circuitry), or realized by the cooperation of software and hardware. May be good. The program may be stored in advance in a storage device (a storage device including a non-transient storage medium) such as an HDD or a flash memory, or a removable storage medium (non-transient) such as a DVD or a CD-ROM. It is stored in a sex storage medium) and may be installed by attaching the storage medium to a drive device.

The first communication unit 511 is a communication interface for connecting the management server 500 to the network NW1. For example, the first communication unit 511 is configured by using a wired communication interface that can be connected to the network NW1. The first communication unit 511 is communicably connected to the FW terminal 300 via the network NW1.

The second communication unit 512 is a communication interface for connecting the management server 500 to the network NW2. For example, the second communication unit 512 is configured by using a wired communication interface that can be connected to the network NW2. The second communication unit 512 is communicably connected to the battery switch 600 via the network NW2.

The storage unit 540 is configured by using a storage device such as an HDD or a flash memory. The storage unit 540 stores data of a program executed by the management server 500, communication data transmitted / received to / from another device, and various information related to the operation of the management server 500. For example, the storage unit 540 stores device management information for managing the battery switch 600 to be managed, password information for managing the issued one-time password, and the like. For example, the device information of the battery switch 600 to be managed is registered in the device management information.

The control unit 550 has a function of controlling the operation of the management server 500 by inputting / outputting information to / from the first communication unit 511, the second communication unit 512, and the storage unit 540. Here, the control functions of the control unit 550 include a function of providing password information to the battery switcher 600 to be managed, a function of issuing a one-time password, and a function of authenticating a login request to the battery switcher 600 by online authentication. Features and included. The password information is information indicating a list of a plurality of one-time passwords that can be issued for each battery switch 600. The control unit 550 includes, for example, a password information providing unit 551, an OTPW issuing unit 552, and an online authentication unit 553 as configurations for realizing these functions.

The password information providing unit 551 has a function of generating password information for each battery exchange 600 to be managed. The password information providing unit 551 supplies the generated password information to each battery exchange 600 and records it in the storage unit 540. It is desirable that the password information is stored in a security-protected area of the storage area of the storage unit 540. The password information providing unit 551 may be configured to update the password information at a predetermined timing. For example, the password information providing unit 551 may update the password information once a day. When the password information is updated, the password information providing unit 551 supplies the updated password information to each battery exchange 600. Further, the method of generating the one-time password is not limited to a specific method. The password information providing unit 551 is an example of the authentication information providing unit in the present invention.

The OTPW issuing unit 552 has a function of issuing a one-time password required for logging in to the battery switch 600. Specifically, the OTPW issuing unit 552 identifies the target battery switch 600 (hereinafter referred to as “target device”) for issuing the one-time password based on the device information provided together with the request for issuing the one-time password. Select one one-time password from the one-time passwords registered in the password information of the target device and notify the requester. Hereinafter, the selection and notification of this one-time password is referred to as issuance of the one-time password.

Here, the OTPW issuing unit 552 issues a one-time password when the target device is registered in the management server 500 as a management target, and one when the target device is not registered in the management server 500 as a management target. Do not issue a time password. It is assumed that the device information group of the target device is registered in advance in the storage unit 540 of the management server 500, and the OPTW issuing unit 552 includes the target device information in the registered device information group. If so, it can be determined that the target device is registered in the management server 500 as a management target. Further, the OTPW issuing unit 552 has a function of setting a valid period for the issued one-time password. It should be noted that the one-time password selected from the one-time passwords registered in the password information when the OTPW issuing unit 552 issues the one-time password does not necessarily have to be one, and a plurality of one-time passwords are used at one time. May be configured to issue. The OTPW issuing unit 552 is an example of the authentication information issuing unit in the present invention.

FIG. 2 is a diagram showing an example of password information in this embodiment. For example, the password information is recorded in the storage unit 540 as the password table T1 shown in FIG. For example, the password table T1 consists of one or more records having the device ID, the password character string, and the validity period values. Here, the device ID represents the identification information of the battery switch 600 to be managed. The password character string represents a character string of a one-time password that can be issued to the battery switch 600. The validity period represents the validity period set when the one-time password is issued. For example, when a one-time password is generated, each value of the device ID and the password character string is registered. The OTPW issuing unit 552 determines and registers the valid period at the timing when the one-time password is actually issued. Note that FIG. 2 shows an example of password information generated for the battery switch 600 identified by the device ID of “BEX001”. Such password information is supplied to each battery exchange 600 in advance from the management server 500, and the management server 500 stores the password information for all the battery exchanges 600 to be managed.

Returning to the description of FIG. The online authentication unit 553 has an online authentication function that authenticates a login request to the battery switch 600 in response to the request of the battery switch 600. Specifically, when the online authentication unit 553 receives the online authentication request from the battery switch 600, the online authentication unit 553 regarding the target login request based on the user input information provided from the battery switch 600 together with the authentication request and the password information. Try to authenticate. Here, the user input information is information input to the battery switch 600 as a one-time password for a login request to the battery switch 600. The online authentication unit 553 authenticates the login request to the battery switch 600 when the user input information provided by the battery switch 600 matches any of the valid one-time passwords registered in the password information. The online authentication unit 553 notifies the requesting battery switch 600 of the authentication result.

The valid one-time password here is a one-time password that satisfies each of the following conditions.
-The battery switch 600 to be logged in is registered in the management server 500.
-Of the one-time passwords registered in the password information of the battery switch 600 to be logged in, those for which a valid period has been set (that is, have been issued).
-A one-time password with a valid period that has not expired at this time.

Subsequently, the configuration of the battery switch 600 will be described. The battery changer 600 includes a charger 601, a drive unit 602, a power supply unit 603, a communication unit 610, an input unit 620, a display unit 630, a storage unit 640, and a control unit 650. Among these components, the control unit 650 is realized by, for example, a hardware processor such as a CPU executing a program (software). Some or all of these components may be realized by hardware such as LSI, ASIC, FPGA, GPU (circuit part; including circuitry), or realized by the cooperation of software and hardware. May be good. The program may be stored in advance in a storage device such as an HDD or a flash memory (a storage device including a non-transient storage medium), or a removable storage medium (non-transient) such as a DVD or a CD-ROM. It is stored in a sex storage medium) and may be installed by attaching the storage medium to a drive device.

The charger 601 is a charger for charging the battery. The charger 601 charges the used battery collected in exchange for the charged battery by using the electric power supplied by the power supply unit 603.

The drive unit 602 is a functional unit that realizes a physical operation related to battery charging, and is composed of a combination of various structural members and electronic components. For example, the drive unit 602 includes structural members (not shown) such as a door and a pedestal that constitute a battery charging unit and a battery charging unit. Further, for example, the drive unit 602 includes parts (not shown) such as a motor, a gear, and a shaft that realize opening and closing of a door and movement of a battery inside the battery switch 600. By the operation of the drive unit 602, the battery switch 600 can collect the used battery in the device and discharge the charged battery to the outside of the device in place of the collected used battery. Further, by the operation of the drive unit 602, the battery exchange 600 can connect the used battery collected in the device to the charger 601 and remove the charged battery from the charger 601.

The power supply unit 603 is a functional unit that supplies drive power to the battery switch 600. For example, the power supply unit 603 may be an internal battery or a power supply circuit for inputting power supplied by an external power supply. The internal battery may be a battery or a generator.

The communication unit 610 is a communication interface for connecting the battery switch 600 to the network NW2. The communication unit 610 may be connected to the network NW2 by wire communication, or may be connected to the network NW2 by wireless communication. The communication unit 610 is connected so as to be able to communicate with the management server 500 via the network NW2.

The input unit 620 is configured by using an input device such as a button, a switch, a keyboard, a mouse, and a touch panel. The input unit 620 receives an operation input to the battery switch 600. The input unit 620 outputs input information indicating the contents of the received operation input to the control unit 650.

The display unit 630 is configured by using a display device such as a liquid crystal display, an organic EL display, or a touch panel. The display unit 630 can display arbitrary information based on the instruction of the control unit 650.

The storage unit 640 is configured by using a storage device such as an HDD or a flash memory. The storage unit 640 stores data of a program executed by the battery switch 600, communication data transmitted / received to / from another device, and various information related to the operation of the battery switch 600. For example, the storage unit 640 stores password information supplied from the management server 500. It is desirable that the password information is stored in a security-protected area of the storage area of the storage unit 640.

The control unit 650 has a function of controlling the operation of the battery switch 600 by inputting / outputting information to / from the communication unit 610, the input unit 620, the display unit 630, and the storage unit 640. Here, the control function of the control unit 650 includes a function of controlling various physical operations related to battery charging and replacement, a function of authenticating a login request to the battery switch 600, and password information provided by the management server 500. Includes functions to manage. The control unit 650 includes, for example, a drive control unit 651, a login authentication unit 652, and a password information management unit 653 as a configuration for realizing these functions.

The drive control unit 651 has a function of controlling various physical operations related to charging and replacement of the battery. For example, the drive control unit 651 collects the used battery in the device of the battery exchange 600 by causing the drive unit 602 to perform a predetermined operation in response to the operation of inserting the used battery, and collects the used battery in the device of the battery exchange 600. Instead, the charged battery can be discharged out of the device. Further, for example, the drive control unit 651 can start charging the used battery by causing the drive unit 602 to perform an operation of connecting the collected used battery to the charger 601. Further, for example, the drive control unit 651 can cause the drive unit 602 to perform an operation of removing the charged battery from the charger 601.

The login authentication unit 652 has a function of authenticating a user's login request to the battery switch 600. Specifically, the login authentication unit 652 makes an authentication request by online authentication to the management server 500 in a situation where the battery switch 600 can communicate with the management server 500. On the other hand, the login authentication unit 652 attempts to authenticate the login request by itself by offline authentication when the battery switch 600 cannot communicate with the management server 500. For example, the login authentication unit 652 transmits the device information of the own device and the user input information to the management server 500 when making an authentication request by online authentication. On the other hand, when attempting authentication by offline authentication, the login authentication unit 652 attempts authentication based on the user input information, the current time, and the password information provided in advance from the management server 500. The login authentication unit 652 permits the user to log in to itself when the authentication is successful in either the online authentication or the offline authentication.

3 and 4 are schematic views illustrating a method of authenticating a user login request for the battery switch 600 in the device management system 100 of the present embodiment. FIG. 3 shows an online authentication method when the battery switch 600 can communicate with the management server 500 (hereinafter referred to as “normal time”), and FIG. 4 shows a case where the battery switch 600 cannot communicate with the management server 500 (hereinafter referred to as “normal time”). Hereinafter, the method of offline authentication in the case of "failure") is shown. First, the flow of online authentication in normal times will be described with reference to FIG.

First, the user goes to the installation site of the battery exchange 600 with the FW terminal 300, and reads the device information INF displayed on the battery exchange 600 using the FW terminal 300 (step S11). The user transmits the read device information to the management server 500, and requests the management server 500 to issue a one-time password (step S12). The management server 500 generates a one-time password when the battery switch 600 specified by the device information is registered as a management target, and notifies the FW terminal 300 of the generated one-time password (step S13). The FW terminal 300 causes the display unit 330 to display the one-time password notified from the management server 500.

On the other hand, the battery exchange 600 at this time is in a state of accepting the input of the login operation by the user, for example, displaying the one-time password input screen (hereinafter referred to as "password input screen") on the display unit 630. There is. Here, the user visually confirms the one-time password displayed on the FW terminal 300 (step S14), and inputs the confirmed one-time password on the password input screen displayed on the battery switch 600 (step S15). ). Upon receiving the input of the one-time password, the battery switch 600 transmits the device information and the user input information of the own device to the management server 500, and requests the management server 500 to authenticate the login request for the own device (step S16). .. The management server 500 executes the online authentication process in response to the authentication request of the battery switch 600. Specifically, the management server 500 determines whether or not the login request can be authenticated based on the user input information received from the battery switch 600 and the password information of the battery switch 600 specified by the device information.

Subsequently, the management server 500 notifies the requesting battery switch 600 of the authentication result (step S17). The battery switch 600 allows login to itself if the authentication is successful, and does not allow login to itself if the authentication fails. According to such an authentication method, a one-time password is issued when logging in to the pre-registered battery switch 600, and when the issued one-time password is input to the battery switch 600, the user logs in to the battery switch 600. Can be allowed.

Subsequently, the flow of offline authentication at the time of failure will be described with reference to FIG. In FIG. 4, the same procedures as those for online authentication in normal times are designated by the same reference numerals as those in FIG. 3, and the description of these procedures will be omitted. Here, the management server 500 supplies the password information to the battery switch 600 as a preliminary preparation for offline authentication by the battery switch 600 in a normal time before communication with the battery switch 600 becomes impossible (step S21). The battery exchange 600 records the password information supplied from the management server 500 in the storage unit 640. Further, here, the battery switcher 600 becomes unable to communicate with the management server 500 after the password information is supplied from the management server 500, and in such a situation, the user inputs a one-time password to the battery switcher 600. It shall be performed (step S15).

In this case, since the battery switch 600 cannot communicate with the management server 500, it cannot make an authentication request to the management server 500 by online authentication. Therefore, in this case, the battery switch 600 attempts to authenticate the login request by itself by offline authentication (step S22). Specifically, the battery switch 600 determines whether or not the login request can be authenticated based on the user input information and the password information previously supplied from the management server 500. According to such an authentication method, even in the event of a failure in which the battery switching machine 600 cannot communicate with the management server 500, the battery switching machine 600 can authenticate the login request by itself without requiring the management server 500.

5 and 6 are sequence diagrams showing an example of a flow of processing for authenticating a user login request for the battery switch 600 in the device management system 100 of the present embodiment. FIG. 5 shows a processing flow in a normal time, and FIG. 6 shows a processing flow in a failure time. First, the flow of the authentication process in the normal time will be described with reference to FIG.

First, at the timing when the user tries to log in to the battery switch 600, the battery switch 600 is in the locked state, and the display unit 630 of the battery switch 600 displays a password input screen as a means for releasing the locked state (1). Step S301). In this situation, the user acquires a one-time password from the management server 500 using the FW terminal 300, and inputs the acquired one-time password to the password input screen. Here, the acquisition of the one-time password by the user is performed, for example, in the following flow.

First, the user activates the OTPW application on the FW terminal 300. For example, the user adjusts the position and orientation of the FW terminal 300 so that the device information (or coded information) displayed on the housing surface of the battery switch 600 is displayed in the live view of the OTPW application, and the battery switch 600 Is imaged (step S302). As a result, the image data in which the device information is captured is acquired by the FW terminal 300 (step S303). The OTPW application reads device information from the image displayed in the live view (step S304). The OTPW application requests the management server 500 to issue a one-time password by transmitting the read device information to the management server 500 (step S305).

In response to this request, the management server 500 selects one one-time password from the battery switch 600 password information specified by the device information (step S306), and requests the selected one-time password from the FW terminal 300. (Step S307). Further, the management server 500 sets a valid period for the issued one-time password (step S308). The FW terminal 300 causes the display unit 330 to display the one-time password issued by the management server 500 (step S309). The user visually confirms the one-time password displayed on the FW terminal 300, and inputs the confirmed one-time password on the password input screen displayed on the display unit 630 of the battery switch 600 (step S310).

Subsequently, the battery exchange 600 accepts the input of the one-time password (step S311), and confirms the communication status with the management server 500 (step S312). In the normal state, since the battery switch 600 can normally communicate with the management server 500, the battery switch 600 sends the user input information to the management server 500 and requests the management server 500 to authenticate (step S313). ). The management server 500 receives this authentication request, executes an online authentication process (step S314), and notifies the battery switch 600 of the authentication result (step S315). Upon receiving the notification of the authentication result, the battery exchange 600 determines whether or not the authentication is successful (step S316). Here, if it is determined that the authentication has failed, the battery exchange 600 returns the process to step S311 and prompts the user to input another one-time password. On the other hand, if it is determined that the authentication is successful, the battery switch 600 permits the user to log in to the own device (step S317).

Subsequently, the flow of the authentication process at the time of failure will be described with reference to FIG. In FIG. 6, the same procedures as those in the normal authentication method are designated by the same reference numerals as those in FIG. 5, and the description of these procedures will be omitted. As described with reference to FIG. 2, the management server 500 has a function of supplying password information to the battery exchange 600 in advance. Therefore, in FIG. 6, the management server 500 generates password information (step S401) and transmits the generated password information to the battery switch 600 in the normal time before communication with the battery switch 600 becomes impossible. (Step S402). The battery exchange 600 records the password information received from the management server 500 in the storage unit 640 (step S403).

On the other hand, when a one-time password is input to the battery switch 600 in the event of a failure, it is confirmed that the battery switch 600 cannot normally communicate with the management server 500 (step S404), and the user input information and the user input information are stored in advance. The offline authentication process is executed based on the password information recorded in the unit 640 (step S405). The battery switch 600 determines whether or not the authentication is successful based on the result of the offline authentication process. If the battery switch 600 determines that the authentication has failed, it does not allow login to itself and prompts the user to enter another one-time password. On the other hand, if it is determined that the authentication is successful, the battery exchange 600 permits login to itself (step S317).

FIG. 7 is a flowchart showing an example of the online authentication process in the present embodiment. First, the online authentication unit 553 acquires device information and user input information from the battery switch 600 (step S501). Subsequently, the online authentication unit 553 determines whether or not the acquired user input information is registered in the password information of the battery switch 600 specified by the device information (step S502). Specifically, the online authentication unit 553 determines whether or not the user input information matches any valid one-time password registered in the password information. Here, if the user input information does not match any of the valid one-time passwords, the login authentication unit 652 outputs that the authentication has failed as an authentication result (step S503), and ends the offline authentication process. On the other hand, if the user input information matches any valid one-time password in step S502, the login authentication unit 652 outputs that the authentication was successful as an authentication result (step S504). If the authentication is successful, the login authentication unit 652 deletes the successfully authenticated one-time password from the password information (step S505), and ends the offline authentication process.

FIG. 8 is a flowchart showing an example of the offline authentication process in the present embodiment. As can be seen from FIG. 8, the offline authentication process differs from the online authentication process in that it does not require device information because it is an authentication process by the battery switch 600 itself, but in other respects, it is basically an online authentication process. Same as processing. Therefore, in FIG. 8, the same processes as the online authentication process are designated by the same reference numerals as those in FIG. 7, and the processes related to these processes are omitted. That is, the offline authentication process differs from the online authentication process in that it is not necessary to acquire the device information in the first step and only the user input information is acquired (step S601).

In the device management system 100 of the embodiment configured as described above, the management server 500 generates password information for each one or more battery switchers 600, and the generated password information is supplied to the corresponding battery switcher 600 in advance. The provision unit 551 is provided, and the battery exchanger 600 includes a login authentication unit 652 that transitions the battery exchanger 600 to a state corresponding to a login request based on the password information supplied from the management server 500. By providing such a configuration, the device management system 100 of the embodiment can realize authentication at the time of offline with a simpler configuration.

Specifically, according to the device management system 100 of the present embodiment, the battery switch 600 only needs to receive password information from the management server 500 when performing offline authentication, and offline authentication is performed for the management server 500. There is no need to carry out complicated procedures such as requesting authentication to perform the above. Further, according to the device management system 100 of the present embodiment, offline authentication and online authentication can be implemented with the same configuration, processing is not complicated, and management is simplified.

<First modification>
FIG. 9 is a flowchart showing an example of the offline authentication process according to the first modification. In the offline authentication process of the first modification, the one-time password is converted by a predetermined function (hereinafter referred to as "conversion function") depending on the presence or absence of the conversion setting, and the conversion is performed when the conversion setting is made. It differs from the offline authentication process of the embodiment in that authentication is performed using a one-time password later, but is basically the same as the offline authentication process of the embodiment in other respects. Therefore, in FIG. 9, the same processes as those of the offline authentication process of the embodiment are designated by the same reference numerals as those of FIG. 8, and the processes related to those processes are omitted.
Here, the conversion setting is a setting that makes it possible to select whether or not to provide the password information provided to each battery exchange 600 to each battery exchange 600 after converting the described one-time password with a conversion function. .. It is assumed that the setting information indicating the presence / absence of the conversion setting is stored in advance in the management server 500 and the battery switch 600. When the conversion setting is made in the management server 500, the OTPW issuing unit 552 converts the one-time password described in the password information by the conversion function and provides it to each battery exchange 600. In this case, the OTPW issuing unit 552 shall convert the password information provided to the battery switch 600 into a one-time password, and the password information held in the management server 500 for issuing the one-time password is one. No time password conversion shall be performed. That is, in this case, the OTPW issuing unit 552 issues a one-time password that has not been converted by the conversion function.
On the other hand, in the offline authentication process in the battery switch 600, the login authentication unit 652 determines in step S701 whether or not there is a conversion setting. If the conversion setting is not made, the login authentication unit 652 proceeds to the process in step S503, and if the conversion setting is made, the user input information acquired in step S601 is converted into the same conversion function as that of the management server 500. After conversion, the process proceeds to step S503 (step S702).
According to the offline authentication process of the first modification, the password information converted by the predetermined conversion function is supplied to each battery switch 600, so that the security of the one-time password can be enhanced. Specifically, even if the password information leaks from the battery switch 600, if the conversion function is unknown, the original one-time password cannot be obtained based on the conversion function. Further, if an irreversible conversion function such as a hash function is used as the conversion function, it is difficult to obtain the original one-time password even if the conversion function is further leaked. Therefore, according to the offline authentication process of the first modification, it is possible to suppress the leakage of the original one-time password, so that the security of the one-time password can be enhanced.

<Second modification>
In the above embodiment, the management server 500 generates password information in advance and requests the issuance of the one-time password regardless of whether the one-time password is used for online authentication or offline authentication. When received, the case where one one-time password is selected from the one-time password described in the password information and issued is described. However, this is an example of how to issue a one-time password for offline authentication, and the one-time password for online authentication and the one-time password for offline authentication must be selected from the same candidate. It doesn't mean anything. For example, if the management server 500 can identify whether the requested one-time password is used for online authentication or offline authentication, the management server 500 describes the one-time password for offline authentication. The information may be configured to be pre-shared with each battery switch 600. In this case, when the management server 500 receives a request to issue a one-time password for offline authentication, the management server 500 selects one one-time password from the one-time passwords described in the password information shared in advance. The one-time password for online authentication may be configured to generate the one-time password after receiving the issuance request.

The embodiment described above can be expressed as follows.
In a device management system including a managed device that authenticates a login request to its own device and a management device that can communicate with one or more of the managed devices, the managed device and the management device are
A storage device that stores the program and
With a hardware processor,
The management device generates an authentication information group including a plurality of authentication information required for authentication of the login request for each managed device and provides the authentication information group to each managed device.
The managed device transitions its own device to a state corresponding to the login request based on the authentication information group provided by the management device.
A device management system that is configured to be.

Although the embodiments for carrying out the present invention have been described above using the embodiments, the present invention is not limited to these embodiments, and various modifications and substitutions are made without departing from the gist of the present invention. Can be added.

100 ... Equipment management system, 300 ... FW (Field Worker) terminal, 301 ... Imaging unit, 310 ... Wireless communication unit, 320 ... Input unit, 330 ... Display unit, 340 ... Storage unit, 350 ... Control unit, 351 ... Equipment information Acquisition unit, 352 ... OTPW (One-Time Password) acquisition unit, 500 ... Management server, 511 ... First communication unit, 512 ... Second communication unit, 540 ... Storage unit, 550 ... Control unit, 551 ... Password information provision unit , 552 ... OTPW issuing unit, 552 ... online authentication unit, 600 ... battery switch, 601 ... charger, 602 ... drive unit, 603 ... power supply unit, 610 ... communication unit, 620 ... input unit, 630 ... display unit, 640 ... Storage unit, 650 ... Control unit, 651 ... Drive control unit, 652 ... Login authentication unit, 653 ... Password information management unit

Claims (12)

A device management system including one or more managed devices for authenticating a login request to the own device and a management device capable of communicating with the managed device.
The management device is
Each managed device is provided with an authentication information providing unit that generates and provides an authentication information group including a plurality of authentication information required for authentication of the login request.
The managed device is
It is provided with an authentication unit that transitions its own device to a state corresponding to the login request based on the authentication information group provided by the management device.
Equipment management system. The management device is
A device information acquisition unit that acquires device information that enables identification of the managed device from devices other than the managed device, and
When the acquired device information is included in the device information group registered in advance, one or more authentication information is selected from the authentication information group generated for the managed device identified by the device information. And the authentication information issuing unit that issues to the other devices,
Further prepare,
The device management system according to claim 1. The device information acquisition unit acquires the device information by image recognition processing for an image showing the device information or an image showing information encoded from the device information.
The device management system according to claim 2. The authentication information providing unit updates the authentication information group at a predetermined timing, and provides the updated authentication information group to the managed device.
The managed device is
Further provided is an authentication information management unit that updates the current authentication information group with the updated authentication information group when the updated authentication information group is provided from the management device.
The device management system according to any one of claims 1 to 3. The authentication information providing unit provides each managed device with a converted authentication information group obtained by converting the generated authentication information group using a predetermined conversion function.
The device management system according to any one of claims 1 to 4. The authentication unit authenticates the login request when the input information input to the own device in connection with the login request matches the authentication information of any one of the authentication information groups supplied from the management device. ,
The device management system according to any one of claims 1 to 5. When the authentication unit succeeds in authenticating the login request, the authentication unit deletes the authentication information matching the input information from the authentication information group supplied from the management device.
The device management system according to claim 6. An authentication information providing unit that generates an authentication information group containing a plurality of authentication information necessary for authenticating a login request for one or more managed devices for each managed device and provides it to each managed device.
A storage unit that stores the authentication information group for each managed device,
An authentication unit that transitions the managed device to a state corresponding to the login request based on the authentication information group generated for the managed device in response to the request of the managed device.
With the authentication information issuing unit that the own device or the managed device issues the authentication information necessary for transitioning the managed device to the state corresponding to the login request based on the authentication information group generated for the managed device. ,
A management device equipped with. It is a communication device that can communicate with the management device.
A storage unit that stores in advance an authentication information group that includes a plurality of authentication information necessary for authenticating a login request to the own device, which is an authentication information group provided by the management device.
An authentication unit that transitions its own device to a state corresponding to the login request based on the authentication information group stored in the storage unit when the login request is received in a situation where communication with the management device is not possible.
Communication equipment equipped with. In a device management system including one or more managed devices for authenticating a login request to the own device and a management device capable of communicating with the managed device.
The management device generates an authentication information group including a plurality of authentication information necessary for authenticating the login request to the managed device for each managed device and provides the managed device to each managed device.
The managed device transitions its own device to a state corresponding to the login request based on the authentication information group provided by the management device.
Equipment management method. On the computer
An authentication information group containing a plurality of authentication information necessary for authenticating a login request to one or more managed devices is generated for each managed device and provided to each managed device.
The authentication information group for each managed device is stored in the storage unit, and is stored.
In response to the request of the managed device, the managed device is transitioned to the state corresponding to the login request based on the authentication information group generated for the managed device.
The own device or the managed device issues authentication information necessary for authenticating a login request to the managed device based on the authentication information group generated for the managed device.
program. For computers that can communicate with management devices
An authentication information group provided in advance from the management device, which includes a plurality of authentication information necessary for authenticating a login request to the own device, is stored in the storage unit.
When the login request is received in a situation where communication with the management device is not possible, the own device is changed to the state corresponding to the login request based on the authentication information group stored in the storage unit.
program.

Images